Information Rights Management, protect your files even if a user leaves.
Microsoft 365 information rights management protects files in a very unique way, by directly implementing the behaviour on the Office Apps. By doing this, even if a user makes a backup of the files to an external drive, the files won't work when the user access is removed.
There are two mains ways to protect files, AIP (Azure Information Protection) and IRM (Information Rights Management). AIP is a more complete way of protecting your files, the main differences being it doesn't only apply to Office Files (like IRM does) and it allows you to setup rules, labels and behaviour in the files (like prohibiting emails of being forwarded).
Azure Information Protection provides more protection to your sensitive files than IRM, for instance it will ask if you'd like to put a label called "Sensitive Financial Information" when you reference a credit card number on an email or word document. This label will only allow users inside your organization to view the file
So why should you opt for IRM seeing AIP is more complete? Well , because IRM is a lot easier to implement and Microsoft has discontinued the Client app used to apply the data protection labels
"As we progress on our journey to bring our customer labeling and protection experience using native applications such as O365 Office apps we will not be developing the AIP UL client and will be focusing to bring such value In a more natively integrated way."
Sow how do I use Information Rights Management ?
IRM is configured at the Sharepoint library level. By default, the following options described below should show up, if not please jump to the next list and performe the steps
Activate Information Rights management on a Sharepoint Library:
- Open or Create a new Sharepoint Document Library in a Sharepoint Site
- Click on the settings button and select "Library Settings"
- Click on the link Information Rights Management (under the Permissions and Management column)
- Select "Restrict Permissions on this library on download". Why on download ? Because when the user access is removed he/she won't be able to access the online version, only what has already been downloaded
- Click "Show Options". Review the options and check what you've like to enable, but the one that controls access after user account has been removed is the: Users must verify their credentials using this interval (days)
- Set how many days the user needs to sign in to confirm the account is still active. For instance, every 10 days means the credentials will be asked in periods of 10 days, if the device doesn't have access ot the internet for 10 days, it won't be possible to open it.
- Click "Ok". It will take a while for the changes to reach the users who have already synced the files.
What if I don't see the Information Rights Management option on the Libaray Settings ?
- Open Sharepoint Admin Center as a global admin or SharePoint admin.
- In the left pane, choose settings, and then choose classic settings page
- In the Information Rights Management (IRM) section, choose Use the IRM service specified in your configuration, and then choose Refresh IRM Settings
What Licenses do I need to activate Information Rights Management
To activate the feature you need a license which has Information Rights Management , the cheapest one would be Microsoft 365 F1, you should even be able to remove it after it's activated. Microsoft 365 F1 license price should be 2€/month